CVE-2017-9929

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions lrzip version 0.631

Description A stack buffer overflow was found in the get fileinfo function in lrzip.c at line 1074, which allows attackers to cause a denial of service via a crafted file.

Recommendations For lrzip version 0.631, consider disabling the get fileinfo function as a temporary workaround until a patch is available. Restrict access to potentially crafted files to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-9929

DLA-2725-1

USN-5171-1

USN-5171-2

Affected Products

Ubuntu

Lrzip

CVE-2017-9929

Weakness Enumeration

Related Identifiers

Affected Products

References · 26